-4

When i browse my website, evrything works fine. The website connects with database and displays results. However, i get this error whenever it encounters mysql_resl_escape_string:

mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in......

Please note that the website runs fine as soon as i remove the mysql_real_escape_string code from every page. But, this is not justified. What is the fix for this thing?

hakre
  • 193,403
  • 52
  • 435
  • 836
user2003663
  • 45
  • 1
  • 9
  • how do you use mysql_real_escape_string() ? – Art Planteur Feb 08 '13 at 09:01
  • mysql_real_escape_string() must be after mysql_connect() just check this –  Feb 08 '13 at 09:02
  • mysql_real_escape_string() requires a connection to have been established to a MySQL database server... have you already connected at this point or not? – Mark Baker Feb 08 '13 at 09:03
  • also what PHP version are you using? that function is not present in very old versions and will be removed in 5.5 – Naryl Feb 08 '13 at 09:03
  • is your site on local or another server? – Bhavik Shah Feb 08 '13 at 09:04
  • @Naryl: No, not removed in 5.5 ;) However, you should not use them any longer for new code, that's correct. – hakre Feb 08 '13 at 09:06
  • @user2003663: Show your code, normally that function will pick the last connection. Probably connecting to the database did not work in the first place? – hakre Feb 08 '13 at 09:07

4 Answers4

1

For mysql_real_escape_string to work, you first have to connect to MySQL via mysql_connect

Hanky Panky
  • 46,730
  • 8
  • 72
  • 95
0

The error means that the default mysql database connection is not properly configured within your php.ini.

You will likely use mysql_real_escape_string without having connected to the database first, which is the case that PHP will try to connect to the database with the default configuration from php.ini.

In your case these defaults didn't work well, that's all.

Change the configuration and the error goes away - or - provide a valid mysql database connection as parameter to the mysql_real_escape_string function call.

Additional Note: Drop the mysql_* functions to access your mysql database if you're writing new code. Choose Mysqli or PDO instead.

hakre
  • 193,403
  • 52
  • 435
  • 836
0

You you passing in the connection variable returned from mysql_connect as the second parameter?

On a side note, you should really be moving over to using PDO, it escapes strings automatically if you use its prepare function.

Kevin Orriss
  • 1,012
  • 3
  • 11
  • 24
-1

You are using this function wrong way.
Instead of processing only string values right before placing them in the query, you are processing all user input values somewhere at the top of your code.
It will lead you to sql injection

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345